fix: scim user query endpoint don't allow SortBy custom field (#9235)

# Which Problems Are Solved - scim list users endpoint (`GET /scim/v2/{orgId}/Users`): handle unsupported `SortBy` columns correctly # How the Problems Are Solved - throw an error if sorting by an unsupported column is requested # Additional Context Part of #8140
2025-08-11 20:47:32 +00:00 · 2025-01-27 18:30:27 +01:00
parent b19333726c
commit 30a54fc1eb
2 changed files with 9 additions and 1 deletions
--- a/internal/api/scim/integration_test/users_list_test.go
+++ b/internal/api/scim/integration_test/users_list_test.go
@@ -93,6 +93,14 @@ func TestListUser(t *testing.T) {
 			wantErr:   true,
 			errorType: "invalidValue",
 		},
 		{
 			name: "custom sort field",
 			req: &scim.ListRequest{
 				SortBy: gu.Ptr("externalid"),
 			},
 			wantErr:   true,
 			errorType: "invalidValue",
 		},
 		{
 			name: "unknown filter field",
 			req: &scim.ListRequest{
--- a/internal/api/scim/resources/resource_list.go
+++ b/internal/api/scim/resources/resource_list.go
@@ -118,7 +118,7 @@ func (r *ListRequest) toSearchRequest(defaultSortCol query.Column, fieldPathColu
 	if r.SortBy == "" {
 		// set a default sort to ensure consistent results
 		sr.SortingColumn = defaultSortCol
-	} else if sortCol, err := fieldPathColumnMapping.Resolve(r.SortBy); err != nil {
+	} else if sortCol, err := fieldPathColumnMapping.Resolve(r.SortBy); err != nil || sortCol.FieldType == filter.FieldTypeCustom {
 		return sr, serrors.ThrowInvalidValue(zerrors.ThrowInvalidArgument(err, "SCIM-SRT1", "SortBy field is unknown or not supported"))
 	} else {
 		sr.SortingColumn = sortCol.Column